Description

WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension. Because the uploaded file is written directly to disk without adequate sanitization or extension restrictions, a spreadsheet file followed by PHP code can be uploaded and executed on the server, leading to arbitrary code execution. This is due to insufficient mitigation of CVE-2025-22133. This issue has been patched in version 3.4.11.

INFO

Published Date :

2025-08-29T22:15:12.472Z

Last Modified :

2025-09-02T19:24:25.237Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-58159 vulnerability.

Vendors Products
Wegia
  • Wegia
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58159.

URL Resource
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-wj2c-237g-cgqp cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact